Windows Task Manager is a very handy utility that helps you in variety of ways. You use Ctrl+Alt+Del to see what’s running on your PC, to close crashed programs and processes, and to check performance. You probably avoid a few processes whose names mean nothing to you, but they’re essential to Windows. Besides performance measuring you can also use Task manager to shut down, log off or restart your system, disconnect or log off other connected users. You can also use it to kill non responding programs. But, did you know it is also very helpful if you are infected with a virus.
The following list of standard and most common processes will help you identify legitimate processes from the unnecessary ones.
This is not a comprehensive list as that would take days. It has the standard processes as well as process names from popular applications. If you want to know about a process, the best place to go is… ProcessLibrary.com. Just like adware and spyware, there are bad processes that come to life thanks to the bad guys like Trojans and viruses. The site has a list of the top five security threats, so watch out for those processes.
acrotray.exe – Acrobat Assistant that is used when printing documents to a PDF. The process should not be removed while converting documents to PDF.
ADService.exe – Active Disk Service is a component of the Iomega zip drive.
AppServices.exe – Also for the Iomega zip drive.
ccEvtMrg.exe – Associated with Symantec’s Internet Security Suite. Keep it and protect your PC.
ccSetMgr.exe – Also associated with Symantec’s Internet Security Suite. Keep it and protect your PC.
csrss.exe – System process that is the main executable for the Microsoft Client / Server Runtim Server Subsystem. It should not be shut down.
csrcs.exe – Probably malware. Keep a watch.
ctfmon.exe – non-essential system process. If you’re using only English as the language, then it is not needed. However, it’s recommended to leave it alone.
explorer.exe – This must always be running in the background. It’s a user interface process that runs the windows graphical shell for the desktop, task bar, and Start menu.
iexplore.exe – Internet Explorer browser. But why are you using it unless it’s for a site that doesn’t work in any other browser? Use Firefox instead.
lsass.exe – Local Security Authority Service is a Windows security-related system process for handling local security and login policies.
Navapsvc.exe, nvsrvc32.exe, and navapw32.exe – These are Symantec’s North AnvtiVirus processes. They or whatever virus program you use should run all the time.
realsched.exe – RealNetworks Scheduler is not an essential process. It checks for updates for RealNetworks products. It can be safely disabled.
rundll32.exe – A system process that executes DLLs and loads their libraries.
savscan.exe – Nortons AntiVirus process. Keep it.
services.exe – An essential process that manages the starting and stopping of services including the those in boot up and shut down. Do not terminate it.
smss.exe – Session Manager SubSystem is a system process that is a central part of the Windows operating system. If you try to kill it, it will be difficult… hence, the importance of leaving it be.
spoolsv.exe – Microsoft printer spooler service handles local printer processes. It’s a system file.
svchost.exe x 6 – You may have more than six appearances of this process or less. It’s there multiple times to handle processes executed from DLLs. Leave it there.
System – This is a file that stores information related to local hardware settings in the registry under ‘HKEY_LOCAL_MACHINE’. Kill it and kiss your PC’s stability bye bye.
System Idele Process – calculates the amount of CPU currently in use by applications. This won’t go away no matter how hard you try. Don’t try it, OK?
taskmgr.exe – Appears when you press Ctrl+Alt+Del.
wdfmgr.exe – Windows Driver Foundation Manager is part of Windows media player 10 and newer. Better not to stop the process.
winlogon.exe – Handles the login and logout processes. It’s essential.
winword.exe – The great Carnac says, “You’re running Microsoft Word.”
List of Essential processes
Here is a list of processes in Windows XP and in other flavors that are essential:
taskmgr.exe
explorer.exe
svchost.exe
spoolsv.exe
lsass.exe
services.exe
winlogon.exe
csrss.exe
smss.exe
System Idle Process
Don’t panic if you see something you have on the “bad guy” list. svchost.exe is important, but some are good guys and some are bad guys. Do your research before deleting or closing anything. If you are suspicious about a particular process you can always search it in Google to see if it is necessaru one or that creepy virus or spyware that won’t go away easily.
I’ve noticed a recent addition on my list and can’t seem to shut it down. It’s called joeupe.exe and I can’t find anything when I search via google.
Do you know what this is and how I can get rid of it, thanks.
Hi Ally,
joeupe appears to be a possible malware. I can’t say for sure….please download autoruns from here http://forum.pcsecurityworld.com/showthread.php?tid=206
Find instances of joeupe.exe in its tab and disable, uncheck or remove them…
it was helpful.
thank u
Hey mate ive noticed a few other processors in my taskmanager
They are ielowutil.exe and
Syncserver.exe
It was really helpful! Thanx a lot, Eliyahu from Israel
my computer is infected by Trojan win64:sirefef-c. What processes do i need to delete from task manager?
Also, my backspace on my keyboard does not work, and although i think i could have deleted a driver, it shows up as working fine when i check systems for keyboard operation. any thoughts/??
You should normally see some strange entries with different numbers like
36129735.exe
31042588.txt
43841297.exe
check also if ydze.exe is there.
Since some trojans are very skilled in avoid detection..don’t just rely on spotting task manager entries. For better support on other issues, please put post your question in our security forum at http://forum.pcsecurityworld.com
This article says winlogon.exe is essential; this link says it is surely a virus—?????
Winlogon.exe is a windows process that handles logins and logout. It’s just that it’s targered by viruses and trojans most often.
Hi…I have between 46 and 50 processes running at the same time. There are two of some i.e., FlashPlayer.exe, Taskeng. exe and sidebar.exe. Is that normal? I’m researching but not finding the answers I’m looking for. Thank you… : ) Very much!
Hi Debbie,
All the three processes are normally considered safe. Two of them are part of Windows while FlashPlayer.exe belongs to Adobe flash player. There’s no need to worry. :)
My computer hung up and I stopped all processes. Now I can’t get anything to work. How do I get them back?
Penny, it sounds like you’ll need to restart your computer. There is a manual way to restart a process running from the task manager, but without knowing the names of all the processes (for example explorer.exe) then you’re kind of out of luck. The good news is a reboot will have you back to square 1. Great article!
when i run google chrome the task manager shows 4 seperate Chrome.exe processes. is this normal? each of them use different amounts of memory from 7,000K to 89,000K
That’s ok Chuck. Chrome runs in separate processes to minimize the impact of browser crashing and taking other instances (tabs / windows) along with it.
I have a process called “system”
it is taking some memory like 780Kb to 1MB.
I don’t recall i have seen it before in my task mgr. I think it might be malware. Is it really malware or safe?
Does it show up as system or system.exe? I have seen viruses with system.exe name as well. System and System idle process are Windows processes.
It is just “system” without “.exe” .
Oh it’s ok then. If your system does not exhibit any other signs of a viral infection, you are good to go. :)
Hello, this has been really helpful. However, I see a process with an IP address. I suspect it to be a key logger but I’m not sure. I want to avoid downloading anything…
Can someone help? Starts something like this…: 48.36.24 etc…
i have a problem on my laptop …. because everytime i open “cmd” my computer will automatically restart … and i don’t know why … can you help me to my problem?? hope you can help me .. thank you very much that’s all ..
GodBless you.. :)
Keep on writing, great job!
i seem to have multiple processes that are titled “jvcazorli.exe”. It’s taking up a range of 1k-100k memory and there is around 5 with it sometimes spiking to 10-20 of them. Can you identify what this is? thanks.